
Sunday, August 19, 2007

SoD mass rules import (best practices)

The major challenge in many compliance projects that I was involved with in the past 2 years was around:
How to discover the SoD rules (bottom up discovery)
How to load many rules into the compliance solution

As for “how to discover the rules”, I will discuss that in a separate article.

How to load many rules into the compliance solution:

Most SoD solutions provide an editor that enables the end user to feed in the SoD rules and then test these rules.
This editor allows the Auditor to define his/her SoD rules manually.

However, in reality, a business with 100k users may have thousands of SoD rules that need to be fed into the SoD solution.

The challenge: to upload all those SoD rules.

Most auditors keep the SoD rules in a spreadsheet that looks like the figure below:
The X represents a “collision”, which means that if a user has access to a role from the “green” list, he cannot also have access to a role from the “yellow” list.
This example is role to role, but the same layout can be applied to any type of object pair, such as resource to resource, role to resource, user attribute to role, etc.



This is usually an XLS file that can be converted to a CSV file in the following text layout, which lists the pairs of roles (objects) that must be segregated:


The next step is to use the loader utility supplied with the SoD solution, which reads the text file and converts it into SoD rules.

In projects that I have been involved with, we managed, in a matter of hours (max 1 day), to cover the following:
Get the XLS file from the auditors
Convert the file to a TEXT file (done by XLS experts)
Load the file into the SoD solution
Generate a list of violations
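As an added example (not the author's or Eurekify's code), the following Python sketches the conversion described above on constructed sample data: it flattens an X-marked collision matrix into the two-column pair list a loader would consume, then runs a user-to-role export against those pairs to produce the violation list. The role names, user names and CSV layout are assumptions.

```python
import csv
from itertools import combinations

# Constructed sample: the auditor's collision matrix saved as CSV. Row roles are
# the "green" list, columns the "yellow" list; an X marks a collision.
MATRIX_CSV = """\
,AP_Invoice_Entry,AP_Payment_Release,Vendor_Master_Maint,GL_Journal_Post
AP_Invoice_Entry,,X,X,
AP_Payment_Release,X,,X,
Vendor_Master_Maint,X,X,,
GL_Journal_Post,,,,
"""

# Constructed sample: user-to-role assignments exported from the target system.
ASSIGNMENTS_CSV = """\
user,role
alice,AP_Invoice_Entry
alice,AP_Payment_Release
bob,AP_Invoice_Entry
bob,GL_Journal_Post
carol,Vendor_Master_Maint
carol,AP_Payment_Release
carol,AP_Invoice_Entry
"""

def matrix_to_pairs(matrix_csv):
    """Flatten X marks into unordered role pairs (each collision counted once)."""
    rows = list(csv.reader(matrix_csv.splitlines()))
    columns = rows[0][1:]          # first header cell is the empty corner
    pairs = set()
    for row in rows[1:]:
        for col_role, mark in zip(columns, row[1:]):
            if mark.strip().upper() == "X" and row[0] != col_role:
                pairs.add(frozenset((row[0], col_role)))
    return pairs

def pairs_to_loader_text(pairs):
    """Render the pairs as the two-column text file handed to the SoD loader."""
    return "".join(",".join(sorted(p)) + "\n" for p in sorted(pairs, key=sorted))

def find_violations(pairs, assignments_csv):
    """Per user, list every pair of held roles that is a collision in the rule set."""
    roles_by_user = {}
    for rec in csv.DictReader(assignments_csv.splitlines()):
        roles_by_user.setdefault(rec["user"], set()).add(rec["role"])
    return {user: hits for user, roles in roles_by_user.items()
            if (hits := [c for c in combinations(sorted(roles), 2) if frozenset(c) in pairs])}
```

Users with no colliding pair (bob above) are absent from the result, so the returned dict is directly the violation list to hand back to the auditors.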

In these projects, customers were using Eurekify’s solution for Auditors.

The Eurekify/Sage SoD solution is an overall solution that addresses all aspects of SoD management, reporting and other requirements for complete and extensive SoD projects (SOX, HIPAA, FERC, GLB, BASEL II, GAO, FFIEC, OMB, IRS Regulations, Fed Rules, UETA, ESign, NARA, FISMA, FISCAM and more).



Ilan Sharoni
Director Eurekify